Hackers accessed the credit and debit card accounts of around 100 Frost Bank customers after they took Visa and MasterCard debit card information from the database of a national retailer. Banks across the nation were affected by the breach. Only 100 Frost Bank customers reported fraudulent charges.

Information Source:
Dataloss DB

records from this breach used in our total:
9,300

May 21, 2006

Columbus Bank & TrustColumbus, Georgia

BSF

HACK

2,000

A security problem may have exposed customer credit and check card information.

Information Source:
Dataloss DB

records from this breach used in our total:
2,000

May 22, 2006

U.S. Department of Veterans AffairsWashington, District Of Columbia

GOV

PORT

26,500,000

(800) 827-1000

On May 3, data of all American
veterans who were discharged since 1975 including names, Social Security
numbers, dates of birth and in many cases phone numbers and addresses,
were stolen from a VA employee's home. Theft of the laptop and computer
storage device included data of 26.5 million veterans. The data did
not contain medical or financial information, but may have disability
numerical rankings.

UPDATE
(6/29/06): The stolen laptop computer and the external hard
drive were recovered.

UPDATE
(7/14/06): FBI claims no data had been taken from stolen computer.

UPDATE(8/5/06):
Two teens were arrested in the theft of the laptop.

UPDATE
(8/25/06): In an Aug. 25 letter, Secretary Nicholson told veterans
of the decision to not offer them credit monitoring services. Rather
the VA has contracted with a company to conduct breach analysis to
monitor for patterns of misuse.

UPDATE
(11/23/07): A federal judge questioned the Veterans Affairs Department's
computer security and ruled Friday that lawsuits can go forward over
the theft of computer equipment containing data on 26.5 million veterans.
The lawsuits have been filed as potential class-action cases representing
every veteran whose data was released.

UPDATE
(1/23/09): The Department of Veterans Affairs has agreed to pay $20
million to current and former military personnel to settle a class
action lawsuit.

UPDATE
(6/16/09): No less than $75 will be paid for any valid claim, up to
a cap of $1,500. If your expenses were higher than that, you might
want to opt out of the class-action portion so you can file for your
actual damages. In that case, you need to file a letter so it is received
by June 29, 2009. You have until Nov. 27, 2009, to mail your claim
form to VA Settlement Claims, P.O. Box 6727, Portland, OR 97228-9767.
Be sure to keep a copy of the claim form, along with your proof of
mailing. To download the claim form and to get more information, go
to www.veteransclass.com.
Read the FAQ and note the particulars on out-of-pocket expenses and
actual damages. You also can call (888) 288-9625.

UDPATE (10/19/12): An investigation into the VA revealed that encryption software has only been installed on 16% of VA computers since the 2006 breach. Six million dollars has been spent on encryption software since the 2006 breach. The investigation began after a 2011 anonymous tip.

Information Source:
Dataloss DB

records from this breach used in our total:
26,500,000

May 23, 2006

University of DelawareNewark, Delaware

EDU

HACK

1,076

A security breach of a Department
of Public Safety computer server potentially exposed names, Social
Security numbers and driver's license numbers. Individuals whose personal information was compromised were contacted.

In April, three laptop computers were
stolen from the agency's office. They contained
personal information on mental health clients, including Social Security numbers. Those affected were contacted in May.

Information Source:
Dataloss DB

records from this breach used in our total:
100

May 23, 2006

Mortgage Lenders Network USAMiddletown, Connecticut

BSF

INSD

231,000

A former employee was arrested
for extortion for attempting to blackmail his former employer for
$6.9 million. He threatened to expose company files containing sensitive
customer information - including customers' names, addressess, Social
Security numbers, loan numbers, and loan types - if the company didn't
pay him. He stole the files over the 16 months he worked there.

Information Source:
Dataloss DB

records from this breach used in our total:
231,000

May 23, 2006

Liberty Mutual Insurance CompanyBoston, Massachusetts

BSF

PORT

384

Two company laptops were stolen in California in March and one company laptop was stolen in Kentucky in April. One incident exposed some customer names and Social Security numbers that were listed along with their claims. The other incident exposed names and Social Security numbers for employees of some of Liberty's commercial insureds.

Information Source:
Dataloss DB

records from this breach used in our total:
384

May 24, 2006

Sacred Heart UniversityFairfield, Connecticut

EDU

HACK

Unknown

It was discovered on May
8th that a computer containing personal information including names,
addresses and Social Security numbers was breached. The University did not immediately release information on who the breach affected.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 24, 2006

New York State Insurance Fund (NYSIF)New York, New York

GOV

PORT

37

An agency laptop computer was stolen from an employee's car. Names and Social Security numbers were on the laptop.

Information Source:
Dataloss DB

records from this breach used in our total:
37

May 25, 2006

VyStar Credit UnionJacksonville, Florida

BSF

HACK

34,400

Hacker gained access to
member accounts a and stole personal information
including names, addresses, birth dates, mother's maiden names, Social Security numbers
and/or email addresses. Less than 10% of VyStar's 344,000 members were affected.

Information Source:
Dataloss DB

records from this breach used in our total:
34,400

May 25, 2006

Security Savings BankSouthport, North Carolina

BSF

HACK

13

Security Saving's website host Goldleaf Technologies informed the bank that their website was down. The website had been phished for two hours. Thirteen customers visited the fraudulent website during that time. Passwords, user IDs, account numbers and card numbers could have fallen into the wrong hands.

Information Source:
Dataloss DB

records from this breach used in our total:
13

May 26, 2006

California State University StanislausTurlock, California

EDU

DISC

1,294

The University was informed that a file containing sensitive information remained in the Google cache and could be accessed by those with technological expertise. The file was first indexed in October of 2005. The file was deleted form the server, but it remained in the Google files cache. The file included names, addresses, Social Security numbers, and dates of birth of some current and former employees and their dependents.

Information Source:
Dataloss DB

records from this breach used in our total:
1,294

May 26, 2006

California Department of Financial Institutions, California

GOV

PORT

Unknown

The California Department of Financial Institutions has offices in Sacramento, San Francisco, Los Angeles and San Diego.

On May 26, an examiner's laptop was stolen from a car. The laptop contained the personal data of bank customers.

Information Source:
Dataloss DB

records from this breach used in our total:
0

May 30, 2006

Florida International UniversityMiami, Florida

EDU

HACK

Unknown

Hacker accessed a database
that contained personal information on thousands of individuals, such as student and applicant
names and Social Security numbers.

Texas Guaranteed (TG) was
notified by subcontractor Hummingbird that on May 24, an employee
had lost a piece of equipment containing names and Social Security
numbers of TG borrowers.

UPDATE
(6/16/06):TG now says
a total of 1.7 million people's information was compromised, 400,000
more than original estimate of 1.3 million.

Information Source:
Dataloss DB

records from this breach used in our total:
1,700,000

June 1, 2006

Miami UniversityOxford, Ohio

EDU

PORT

851

An employee lost a hand-held
personal computer containing personal information of students who
were enrolled between July 2001 and May 2006.

Information Source:
Dataloss DB

records from this breach used in our total:
851

June 1, 2006

Ernst & YoungNew York, New York

BSO

PORT

243,000

Additional locations: Throughout the US and UK. Breach occurred in Texas.

A laptop containing names,
addresses and credit or debit card information of Hotels.com customers
was stolen from an employee's car in Texas.

Information Source:
Media

records from this breach used in our total:
243,000

June 1, 2006

University of KentuckyLexington, Kentucky

EDU

DISC

1,300

Personal information of
current and former University of Kentucky employees including Social
Security numbers was inadvertently accessible online for 19 days in May.

Information Source:
Dataloss DB

records from this breach used in our total:
1,300

June 1, 2006

YMCA of Greater ProvidenceProvidence, Rhode Island

NGO

PORT

65,000

A laptop computer containing
personal information of members was stolen. The information included
credit card and debit card numbers, checking account information,
Social Security numbers, the names and addresses of children in daycare
programs and medical information about the children, such as allergies
and the medicine they take, though the type of stolen information
about each person varies. Those affected were notified.

An EDS employee lost a
laptop computer during a commercial flight that contained pension
data of former employees of Ahold's supermarket chains including Social
Security numbers, birth dates and benefit amounts. The laptop was lost form the checked baggage of a domestic commercial airline flight on May 2, 2006. The laptop was not recovered even though the incident was reported immediately.

Information Source:
Dataloss DB

records from this breach used in our total:
92,000

June 3, 2006

Buckeye Community Health PlanColumbus, Ohio

MED

PORT

72,000

Four laptop computers containing
customer names, Social Security numbers, and addresses were stolen
from the Medicaid insurance provider.

Information Source:
Dataloss DB

records from this breach used in our total:
72,000

June 3, 2006

HumanaLouisville, Kentucky

MED

DISC

17,000 current and former
Medicare enrollees

Personal information of
Humana customers enrolled in the company's Medicare prescription drug
plans could have been compromised when an insurance company employee
called up the data through a hotel computer and then failed to delete
the file.

Information Source:
Dataloss DB

records from this breach used in our total:
17,000

June 5, 2006

U.S. Internal Revenue Service (IRS)Washington, District Of Columbia

GOV

PORT

291

A laptop computer containing
personal information of employees and job applicants, including fingerprints,
names, Social Security numbers, and dates of birth, was lost during
transit on an airline flight

Information Source:
Security Breach Letter

records from this breach used in our total:
291

June 5, 2006

Kingsbrook Jewish Medical CenterBrooklyn, New York

MED

PORT

34,863

A personal computer was stolen from the Hospital's outpatient billing office on December 26, 2005. It is likely that the computer contained spreadsheets with patient names and Social Security numbers embedded in insurance numbers. Those affected were notified May 26, 2006.

Information Source:
Dataloss DB

records from this breach used in our total:
34,863

June 6, 2006

University of Texas at El PasoEl Paso, Texas

EDU

HACK

4,719

Students demonstrated that
student body and faculty elections could be rigged by hacking into
student information including Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
4,719

June 6, 2006

U.S. Department of EnergyWashington, District Of Columbia

GOV

HACK

1,502

Names, Social Security
numbers, security clearance levels and place of employment for mostly
contract employees who worked for National Nuclear Security Administration
may have been compromised when a hacker gained entry to a computer
system at a service center in Albuquerque, NM eight months prior to press releases.

Information Source:
Dataloss DB

records from this breach used in our total:
1,502

June 6, 2006

ARAMARK CorporationAtlanta, Georgia

BSO

PORT

6,028

The May 5 theft of a laptop resulted in the exposure of personal information of current and former employees. Social Security numbers and other personal information were lost.

Information Source:
Dataloss DB

records from this breach used in our total:
6,028

June 6, 2006

Empire State CollegeSaratoga Springs, New York

EDU

INSD

16

On December 15 of 2005, an intruder installed key-logger was discovered on a computer that had been used to access Social Security numbers. The keystroke capture program was installed by a relative of an employee in order to capture and read email messages that the staff member was sending. The program was in operation from March 2004 to January 2005 and again from October 2005 to December 15. The affected PC was removed from the office and had its hard drive scanned and cleaned.

Information Source:
Dataloss DB

records from this breach used in our total:
16

June 6, 2006

Thomson WestEagan, Minnesota

BSO

PORT

Unknown

A laptop was discovered stolen on or around April 28. The information on the laptop included employee names, Social Security numbers, addresses and phone numbers. Notifications were sent in early June.

Information Source:
Dataloss DB

records from this breach used in our total:
0

June 7, 2006

Colorado Mental Health Institute Fort LoganDenver, Colorado

GOV

PHYS

69

A briefcase with paper files was taken from an employee's car while it was at a park on April 21. The briefcase contained paper files with the information of 40 employees and 247 patients. Only 29 employees and 40 patients had their Social Security numbers exposed. Other information included names, addresses, gender and birth dates. Those affected were notified in early June.

Information Source:
Dataloss DB

records from this breach used in our total:
69

June 8, 2006

University of Michigan Credit Union Ann Arbor, Michigan

BSF

PHYS

5,000

Paper documents containing
personal information of credit union members were stolen from a storage
room. The documents were supposed to have been digitally imaged and
then shredded. Instead, they were stolen and used to perpetrate identity
theft.

Information Source:
Dataloss DB

records from this breach used in our total:
5,000

June 10, 2006

Nationwide Retirement SolutionsPhoenix, Arizona

BSF

PORT

Unknown

The office theft of several laptop computers resulted in the exposure of personal information. City and county employees in Southern Arizona may have had their names, Social Security numbers, birth dates and addresses exposed.

Information Source:
Dataloss DB

records from this breach used in our total:
0

June 11, 2006

Denver Election CommissionDenver, Colorado

GOV

PHYS

150,000

Records containing personal
information on more than 150,000 voters are missing at city election
offices. The microfilmed voter registration files from 1989 to 1998
were in a 500-pound cabinet that disappeared when the commission moved
to new offices in February. The files contain voters' Social Security
numbers, addresses and other personal information.

Information Source:
Dataloss DB

records from this breach used in our total:
150,000

June 11, 2006

Adams State CollegeAlamosa, Colorado

EDU

PORT

184 Upward Bound students

A laptop computer stolen
from a locked closet at Adams State College contained personally identifiable
data belonging to 184 high school students who participated in the
college's Upward Bound program over the last four years. The theft
occurred on August 14, but it was not until late September that staff
realized the computer held students' data.

Information Source:
Dataloss DB

records from this breach used in our total:
184

June 12, 2006

Fish & RichardsonBoston, Massachusetts

BSO

PORT

1,924

The June 12 home theft of a laptop resulted in the exposure of current and former employee information. Names and Social Security numbers had once been saved on the laptop. Three former employees were not notified because their contact information could not be found.

Information Source:
Dataloss DB

records from this breach used in our total:
1,924

June 12, 2006

Barnard CollegeNew York, New York

EDU

HACK

2,250

A hacking incident that was discovered on June 6 may have left the names and Social Security numbers of students and employees exposed. The computer that was compromised may have allowed the hacker to access information for all students and employees.

Information Source:
Dataloss DB

records from this breach used in our total:
2,250

June 13, 2006

Minnesota State AuditorSt. Paul, Minnesota

GOV

PORT

493

Three laptops possibly
containing Social Security numbers of employees and recipients of
housing and welfare benefits along with other personal information
of local governments the auditor oversees have gone missing.

Information Source:
Dataloss DB

records from this breach used in our total:
493

June 13, 2006

Oregon Department of RevenueSalem, Oregon

GOV

HACK

2,200

Electronic files containing
personal data of Oregon taxpayers may have been compromised by an
ex-employee who downloaded a contaminated file from a porn site. The
trojan attached to the file may have sent taxpayer information back
to the source when the computer was turned on.

Information Source:
Dataloss DB

records from this breach used in our total:
2,200

June 13, 2006

U.S. Dept of Energy, Hanford Nucear ReservationRichland, Washington

GOV

UNKN

4,000

Current and former workers
at the Hanford Nuclear Reservation were notified that their personal information
may have been compromised, after police found a 1996 list with workers'
names, Social Security numbers, birth dates, work titles, assignments, and telephone numbers in a home during an unrelated investigation.

Information Source:
Dataloss DB

records from this breach used in our total:
4,000

June 13, 2006

State of MinnesotaMinneapolis, Minnesota

GOV

PORT

Unknown

Three laptops with sensitive information were lost or stolen from the office of a state auditor. The missing laptops may have contained Social Security numbers and other personal information on local government employees. There was no evidence of forced entry and the office is not normally accessible to the general public.

Information Source:
Dataloss DB

records from this breach used in our total:
0

June 14, 2006

American International Group (AIG), Indiana Office of Medical Excess, LLCNew York, New York

BSF

STAT

930,000

The computer server was
stolen on March 31 containing personal information including names,
Social Security numbers, birth dates, and some medical and disability
information.

UPDATE (1/12/2010) A 28-year-old Indianapolis man was sentenced today to two years in state
prison for trying to extort $208,00 from an insurance company after
stealing a computer server. In March 2006, the man burglarized the
Indianapolis office of AIG Medical Excess, threatening to release
clients' personal data on the Internet. The server contained the names
of more than 900,000 insured persons, as well as their personal
identifying information, and confidential medical information and e-mail
communications. At the time of the burglary, the man was an employee of
a private security firm that provided security services to the
insurance company. On July 23, 2008, Stewart delivered a package to the
insurance company. The package included a letter stating that he
possessed the stolen server and its confidential data. He asked for
$1,000 a week for four years, but the FBI and others intervened. The
Indiana State Police, the Indiana Department of Natural Resources,
Indianapolis Metropolitan Police Department, and Attorney General also
were part of the investigation.

Information Source:
Dataloss DB

records from this breach used in our total:
930,000

June 14, 2006

Law Finance Group Holdings, LLCReno, Nevada

BSF

STAT

1,237

On April 7, the organization discovered that a computer server had been stolen from its office. The equipment stored information on customers, employees, and prospects. The information included names, Social Security numbers and addresses.

Information Source:
Dataloss DB

records from this breach used in our total:
1,237

June 16, 2006

Union PacificOmaha, Nebraska

BSO

PORT

30,000

On April 29th, an employee's
laptop was stolen that contained data for current and former Union
Pacific employees, including names, birth dates and Social Security
numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
30,000

June 16, 2006

New York State Controller's OfficeAlbany, New York

GOV

PORT

1,300

A state controller data cartridge
containing payroll data of employees who work for a variety of state
agencies was lost during shipment. The data contained names, salaries,
Social Security numbers and home addresses.

CDHS documents were
inappropriately emptied from an employee's cubicle on June 5 and
9 rather than shredded.
The documents contained state employees and other individuals applying
for employment with the state including names, addresses, Social
Security numbers and home and work telephone numbers. They were
mostly expired state employment certification lists, but also included
requests for personnel action, copies of e-mail messages and handwritten
notes.

On June 12, a box of
Medi-Cal forms from December 2005 were found in the cubicle of a
California Dept. of Health Services employee. The claim forms contained the names, addresses, Social
Security numbers and prescriptions for beneficiaries or their family
members.

Information Source:
Dataloss DB

records from this breach used in our total:
1,550

June 18, 2006

ING U.S. Financial Services, Jackson Health SystemMiami, Florida

BSF

PORT

13,000

Two ING laptops that
carried sensitive data affecting Jackson Health System hospital
workers were stolen in December 2005. The computers, belonging to
financial services provider ING, contained information gathered
during a voluntary life insurance enrollment drive in December and
included names, birth dates and Social Security numbers.

Information Source:
Dataloss DB

records from this breach used in our total:
13,000

June 18, 2006

ING U.S. Financial ServicesWashington, District Of Columbia

BSF

PORT

13,000

A laptop was stolen from an employee's
home. It contained retirement plan information including Social Security
numbers of D.C. city employees.

Information Source:
Dataloss DB

records from this breach used in our total:
13,000

Breach Total

816,044,756 RECORDS BREACHED(Please see explanation about this total.)from 4,506 DATA BREACHES made public since 2005